ATTACK 2020

13.12.20

Portable Data exFiltration: XSS for PD

PDF documents and PDF generators are ubiquitous on the web, and so are injection vulnerabilities. Did you know that controlling a measly HTTP hyperlink can provide a foothold into the inner workings of a PDF?

Attack

XSS

17.11.20

VoltPillager

Hardware-based fault injection attacks such as voltage and clock glitching have been thoroughly studied on embedded devices. Typical targets for such attacks include smartcards and low-power microcontrollers used in IoT devices.

Attack

Hardware

13.11.20

SAD DNS attack

In this paper, we report a series of flaws in the software stack that leads to a strong revival of DNS cache poisoning — a classic attack which is mitigated in practice with simple and effective randomization-based defenses such as randomized source port.

Attack

DNS

2.11.20

NAT Slipstreaming

NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website.

Attack

TCP/UDP

13.9.20

Bitcoin Inventory Out-of-Memory Denial-of-Service Attack

There was an easily exploitable uncontrolled memory resource consumption denial-of-service vulnerability that existed in the peer-to-peer network code of three implementations of Bitcoin and several alternative chains.

Attack

CryptoCurrency

10.9.20

BLURtooth Attack

Bluetooth 4.0 through 5.0 versions are affected by the vulnerability dubbed BLURtooth which allows hackers to defeat Bluetooth encryption.

Attack

Bluetooth

10.9.20

Raccoon Attack

A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions.

Attack

SSL/TLS

3.9.20

CHARGEN Reflective Flood

CHARGEN Reflection attacks take advantage of the Character Generation Protocol, originally designed for troubleshooting, which allows sending a random number of characters.

Attack

DDoS

3.9.20

CLDAP Reflection Attack

A CLDAP Reflection Attack exploits the Connectionless Lightweight Directory Access Protocol (CLDAP), which is an efficient alternative to LDAP queries over UDP.

Attack

DDoS

1.9.20

Blocking BloodHound attacks

BloodHound is a popular open-source tool for enumerating and visualizing the domain Active Directory and is used by red teams and attackers as a post-exploitation tool. The enumeration allows a graph of domain devices, users actively signed into devices, and resources along with all their permissions.

Attack

Active Directory

13.8.20

'PowerFall' Attacks

Windows and IE Zero-Day Vulnerabilities Chained in 'PowerFall' Attacks. An attack launched in May 2020 against a South Korean company involved an exploit that chained zero-day vulnerabilities in Windows and Internet Explorer, Kaspersky reported on Wednesday.

Attack

Vulnerability

13.8.20

ReVoLTE attack

Voice over LTE (VoLTE) is a packet-based telephony service seamlessly integrated into the Long Term Evolution (LTE) standard and deployed by most telecommunication providers in practice.

Attack

4G (LTE)

9.8.20

Homoglyph Advanced Phishing Attacks

In advanced phishing attacks today, phishing emails may contain homoglyph characters. A homoglyph is one of two or more text characters with shapes that are nearly identical or similar to each other.

Attack

Phishing

6.8.20

HTTP request smuggling

HTTP request smuggling is an interesting vulnerability type that has gained popularity over the last year. This vulnerability could allow an attacker to leverage specific features of the HTTP/1.1 protocol in order to bypass security protections, conduct phishing attacks, as well as obtain sensitive information from requests other than their own.

Attack

HTTP

6.8.20

HTTP Request Smuggling Attack

Variant 1: "Header SP/CR junk:

Attack

HTTP

6.8.20

HTTP Request Smuggling Attack

Variant 2 – "Wait for It"

Attack

HTTP

6.8.20

HTTP Request Smuggling Attack

Variant 3 – HTTP/1.2 to bypass mod_security-like defense

Attack

HTTP

6.8.20

HTTP Request Smuggling Attack

Variant 4 – a plain solution

Attack

HTTP

6.8.20

HTTP Request Smuggling Attack

Variant 5 – "CR header"

Attack

HTTP

31.7.20

Remote Timing Attacks

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL.

Attack

Crypto

23.7.20

Meow Attack

A new attack that searches for unsecured databases and deletes the data without explanation has been found by researchers. This attack, dubbed “Meow,” due to the fact that the attacker renames databases, tables and indices by appending “-meow” to the end of the original names, was verified by BleepingComputer with the use of the Shodan search engine.

Attack

Database

5.7.20

Lamphone Attack

Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room. You might not believe it, but it's possible to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in there—visible from a window—and measuring the amount of light it emits.

Attack

Hacking

5.7.20

Dabangg Attack

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed.

Attack

CPU

5.7.20

'SGAxe' and 'CrossTalk' Side-Channel Attacks

Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments (TEE).

Attack

CPU

23.5.20

NXNSAttack

The NXNSAttack is a new vulnerability that exploits the way DNS recursive resolvers operate when receiving NS referral response that contains nameservers but without their corresponding IP addresses (i.e., missing glue-records).

Attack

DNS Attack

7.3.20

IDN homograph attack

The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they are homographs, hence the term for the attack, although technically homoglyph is the more accurate term for different characters that look alike).

Attack

Communication

3.3.20

SurfingAttack

Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves

Attack

 

25.2.20

IMP4GT

In mobile networks, mutual authentication ensures that the smartphone and the network can verify their identities. In LTE, mutual authentication is established on the control plane with a provably secure authentication and key agreement protocol. However, missing integrity protection of the user plane still allows an adversary to manipulate and redirect IP packets.

Attack

4G

29.1.20

New 'CacheOut' Attack

If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave.

Attack

CPU

9.1.20

Shambles Attack

We have computed the very first chosen-prefix collision for SHA-1. In a nutshell, this means a complete and practical break of the SHA-1 hash function, with dangerous practical implications if you are still using this hash function. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1. Check our paper here for more details.

Attack

Crypto